Menu Categories
Please, enable Wishlist.

No products in the cart.

Return To Shop
Shopping cart (0)
Subtotal: 0.00

View cartCheckout

Create your own Bundle

Privacy and Cookie Policy

Effective Date: 08.04.2025

Introduction

This Privacy and Cookie Policy explains how GalaxyGrip OÜ, doing business as xgify.com (“Company,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal data when you access our website xgify.com (the “Site”) or use our services. We are committed to safeguarding your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Estonia’s data protection laws (such as the Estonian Personal Data Protection Act), as well as other relevant privacy regulations.

By using our Site or services, you agree to the practices described in this Privacy and Cookie Policy (“Policy”). This Policy forms part of our public-facing compliance documentation and should be read together with our Terms & Conditions, Refund Policy, and AML/CTF Policy.

Who We Are

GalaxyGrip OÜ is a private limited company registered in Estonia (Registration No. 16776100). Our registered address is Harju maakond, Tallinn, Lasnamäe linnaosa, Katusepapi tn 6-502, 11412, Estonia. xgify.com operates an online platform offering digital products (digital gift certificates and mobile account top-up cards) to users worldwide. Our services include providing user accounts (“Personal Accounts”), facilitating online purchases, and delivering or granting access to digital products and content.

If you have any questions about our Company or this Policy, please refer to the Contact Details section below. By continuing to use our Site, you confirm that you have read and understood this Policy.

Data We Collect

We collect various types of information from and about users of our Site. This section explains the categories of data we collect and process, along with key definitions and examples.

Definitions

  • Personal Data: Any information that relates to an identified or identifiable natural person. This includes details such as a person’s name, contact information, identification numbers, location data, online identifiers (e.g., IP address), or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. In essence, if a piece of information can be used (on its own or combined with other data) to identify you, it is considered Personal Data.
  • Data Subject: The individual to whom the personal data relates. For purposes of this Policy, this means you as a user of our Site or services – the person whose data we collect and process.
  • Processing: Any operation or set of operations performed on personal data, whether by automated means or not. This includes collecting, recording, organizing, storing, altering, retrieving, using, disclosing or transmitting, deleting, or destroying personal data. In short, practically any action taken with respect to personal data constitutes “processing.”

Personal Data You Provide Voluntarily

We collect personal data that you voluntarily provide to us when using xgify.com. You may give us information in a variety of ways, such as by registering an account, making a purchase, filling in forms on our Site, or corresponding with us. Examples of personal data you provide include:

  • Account Registration Information: When you create an account on our Site, we ask for details such as your full name, email address, and possibly your phone number or other contact information. You will also choose a username and password, which we store to facilitate your login and account access.
  • Transaction and Payment Details: If you purchase products through xgify.com, you provide information necessary to process the transaction. This may include order details and payment information. For example, you might enter credit/debit card details or other payment method information. Please note: for security reasons, xgify.com typically does not store full financial account numbers or raw card details on our servers. Payments are handled by accredited third-party payment processors who process your payment data in compliance with PCI DSS and other applicable standards.
  • Communication and Support Data: If you contact us with an inquiry, feedback, or support request (whether via email, contact form, live chat, or phone), you may provide personal data such as your name, contact details, and the content of your communications. This could include any details you choose to share with us about an issue you are experiencing or questions about our services. We will retain such correspondence and any attachments you send (for example, screenshots or documents) in order to address your inquiry and improve our customer service.
  • Identity Verification Documents: In certain cases, we may request additional documentation from you for compliance or security reasons. For example, to comply with anti-money laundering (AML) and know-your-customer (KYC) regulations, we might ask you to provide copies of identification documents (such as a passport, national ID, driver’s license, or proof of address) or other information to verify your identity. We will only request this information when legally required or as part of our security procedures, and we will process and protect any such sensitive documents in line with this Policy and our internal AML/KYC Policy.
  • Other Information You Choose to Provide: You may provide information in other contexts, such as by participating in surveys, promotions, or user research, or by leaving reviews or comments. Participation in these activities is voluntary, and you will know what information you choose to submit to us. We will treat any such data in accordance with this Policy.

Data Collected Automatically

When you interact with our Site and services, we also collect certain information automatically from your device and browser. This data helps us understand how our Site is being used, secure our services, and enhance your user experience. The categories of data we collect automatically include:

  • Technical Information: We collect technical data from your browser or device when you visit xgify.com. This may include your Internet Protocol (IP) address (which can sometimes indicate your general geographic area), your browser type and version, your device type and model (e.g., mobile or desktop, operating system), and other system settings or device identifiers. We also log the date and time of your visits and what pages or features of the Site you accessed.
  • Usage and Browsing Data: We use analytics tools (such as Google Analytics or similar technologies) to gather information about your navigation on the Site. This includes data like the pages you viewed, the time spent on each page, the links or buttons you clicked, the referring website or source that led you to our Site (for example, a search engine or an advertising link), and your interactions with Site features or content. This information is generally collected in aggregate form to analyze trends and improve our website’s performance, but it may be tied to your account or IP address, which could make it personally identifiable when combined with other data.
  • Cookies and Similar Technologies: We deploy cookies, pixels, and similar tracking technologies on our Site. Cookies are small text files placed on your browser or device that allow us to recognize you and remember your preferences. These technologies help us collect some of the technical and usage data described above. For instance, cookies enable features like staying logged in to your account, keeping items in your shopping cart, personalizing content, or tracking analytics. Some cookies are essential for the Site to function, while others are used for analytics or advertising purposes. For more details on the types of cookies we use and your choices, please see the Cookie Technologies section of this Policy below.

Special Categories of Data and Minors

Special Categories of Personal Data: We do not actively collect any “special categories” of personal data about you, unless you choose to provide such information to us. Special categories (as defined under GDPR) include sensitive data such as information about your health, genetic or biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning your sex life or sexual orientation. xgify.com does not require any such information for you to use our services, and we advise you not to submit sensitive personal data to us unless it is absolutely necessary. In the rare event you do provide sensitive information to us (for example, if you voluntarily disclose health information during a customer support conversation, or if an identity document you submit reveals your racial or ethnic origin), we will treat that as your explicit consent to process and protect that information for the specific purpose for which you provided it, in accordance with applicable law and this Policy.

Minors: Our website and services are not intended for children or minors. You must be at least 18 years old to register an account or make purchases on xgify.com (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal data from anyone under the age of 16 (which is the default minimum age for online consent under the GDPR; note that Estonia has set a lower age of 13 for such consent). If you are under the applicable age, please do not use our Site or send us any personal data. In the event we discover that we have collected personal information from a child without verifiable parental consent or otherwise in contradiction with applicable law, we will promptly delete that information. If you are a parent or guardian and believe your child under the age of consent has provided personal data to us, please contact us immediately so that we can take appropriate action.

How We Use Your Data

We use the personal data we collect for a variety of business and operational purposes. All processing of personal data is done in accordance with the GDPR and relevant laws, and only to the extent necessary to fulfill the purposes described. Below are the key purposes for which xgify.com processes your data:

  • Service Delivery and Operations: To provide you with our services and the full functionality of the Site. This includes using your data to create and manage your user account, process your orders and payments, deliver the digital products or codes you have purchased, and provide you with the features you expect (such as maintaining your shopping cart and transaction history). We use personal data to fulfill our contracts with you – for example, using your contact and payment details to complete a sale and deliver the product to you.
  • Customer Communication and Support: To communicate with you about your account or transactions and to respond to your inquiries and requests. We will use your email or other contact details to send you service-related messages such as order confirmations, receipts, delivery notifications, or important updates about your account or the Site (for instance, if we update our Terms of Service or this Privacy Policy). We also process the content of any messages or requests you send to our support team in order to assist you, resolve issues, and improve our services. These communications are usually necessary for the performance of our contract with you or are otherwise in our legitimate interests to maintain good customer relations.
  • Analytics and Product Improvement: To analyze, evaluate, and improve the usability and performance of our website and services. We process usage data and user feedback to understand how people interact with our Site, which features are popular, how our services are performing, and where improvements or new features might be needed. This allows us to troubleshoot problems, optimize the user experience, and innovate new offerings. We typically rely on our legitimate interest in maintaining and improving our platform as the basis for this processing, ensuring that such interests are not overridden by your privacy rights (for example, by using mostly aggregated or pseudonymized data for these purposes whenever feasible).
  • Marketing and Promotional Communications: To send you news, offers, newsletters, or promotional materials aboutproducts or related services, but only if you have opted in or otherwise given us permission to do so. We may use your name and contact information to send occasional emails about special deals, new product launches, or other updates that may be of interest. You are free to unsubscribe or opt out of marketing communications at any time, and we will not send you such communications if you have opted out. We will either seek your consent for such marketing (in line with GDPR requirements for electronic marketing) or rely on permissible legitimate interests under applicable e-privacy laws (for example, contacting existing customers about similar products, as allowed by EU e-Privacy regulations), always providing a clear opt-out mechanism in each message.
  • Legal Compliance and Risk Management: To fulfill our legal obligations and to enforce our terms and policies. This includes processing personal data as necessary to comply with laws and regulations (for example, keeping records for tax and audit purposes or responding to lawful requests by public authorities). It also includes using data for compliance with AML/CTF (Anti-Money Laundering/Counter-Terrorist Financing) laws and KYC verification requirements – for instance, using identity information to screen against sanctions lists or to report suspicious activities as required by law. Additionally, we retain and may use personal information as needed to handle and resolve legal disputes, to enforce our Terms & Conditions or other agreements, and to protect our rights or property, or the rights, property, and safety of our users or others (for example, to investigate fraud, abuse, or security incidents). These activities are based on legal obligations or our legitimate interests in safeguarding our business and users.
  • Security and Fraud Prevention: To maintain the security of our Site, systems, and users’ accounts. We monitor and utilize personal data (especially technical and usage data) to prevent, detect, and investigate fraud, unauthorized access, hacking attempts, and other malicious or illegal activities. For example, we may use IP addresses and cookie data to notice unusual account access patterns or multiple failed login attempts, and we employ automated systems to flag suspicious transactions that might indicate fraud. This processing is based on our legitimate interest in ensuring the integrity and safety of our services, as well as on compliance with certain legal obligations (such as the duty to implement appropriate security measures under GDPR).

We will not use your personal data for purposes that are incompatible with those described above without first obtaining your consent, or unless otherwise required or permitted by law. If we ever need to process your data for a new purpose not covered by this Policy, we will update this Policy and notify you as required by applicable law.

Legal Bases for Processing

Under the GDPR and applicable data protection laws, we must have a valid legal basis to process your personal data. Depending on the specific context and type of personal data involved, xgify.com relies on one or more of the following legal grounds:

  • Contractual Necessity (GDPR Article 6(1)(b)): We process certain personal data because it is necessary to perform the contract that you enter into with us when you use xgify.com. For example, when you register and agree to our Terms & Conditions, or when you make a purchase, a contract is formed between you and us. We need to process your personal data (such as your contact information, payment details, and order information) in order to fulfill our obligations under that contract – i.e., to provide the services or deliver the products you have requested. Without this data, we cannot provide you with the requested services. Any data processing that is essential to complete transactions, provide customer support, or otherwise deliver the services you expect falls under this legal basis.
  • Compliance with Legal Obligations (GDPR Article 6(1)(c)): We will process personal data when we are legally required to do so. Various laws may oblige us to retain or disclose certain information. For instance, financial and tax regulations may require us to keep transaction records for a defined period; anti-money laundering laws may require us to collect and verify identity information and maintain it for auditing or reporting; and data protection laws might obligate us to respond to official requests from government authorities or courts. When we process personal data to comply with a legal obligation, we limit the data and processing to what the law mandates. Examples: keeping invoices and payment records for government tax audits, or providing information in response to a court order or law enforcement subpoena.
  • Legitimate Interests (GDPR Article 6(1)(f)): We process personal data as needed to pursue our legitimate interests as a business, provided that such processing is not overridden by your own rights and freedoms. We have carefully balanced our interests with your privacy. Examples of processing under this basis include: improving and personalizing our website and services (through analytics and user feedback); securing our platform and preventing fraud; sending marketing communications to our existing customers about similar products or services (within the scope allowed by law); and running the day-to-day operations of our business efficiently. When relying on legitimate interests, we ensure that the processing is what you would reasonably expect and has a minimal privacy impact, and we provide opt-outs for certain activities like direct marketing. You have the right to object to processing based on our legitimate interests (see the Data Subject Rights section below for more information).
  • Consent (GDPR Article 6(1)(a)): In some situations, we rely on your consent to process personal data. For instance, if you sign up as a new subscriber to a newsletter or if we want to send you certain promotional emails or text messages, we will ask for your consent where required. Similarly, for certain types of cookies or similar tracking technologies that are not strictly necessary, we obtain your consent through the cookie banner when you first visit our Site. Additionally, if we process any special categories of personal data (sensitive data) that you provide to us, we do so on the basis of your explicit consent or as otherwise allowed by law. Whenever processing is based on consent, you have the right to withdraw your consent at any time (without affecting the lawfulness of processing prior to withdrawal). We make it as easy as possible to revoke consent – for example, by providing “unsubscribe” links in marketing emails and settings to adjust cookie preferences in our cookie consent tool.

(Note: In certain rare cases, other legal bases might apply to specific processing activities (such as protection of vital interests or tasks carried out in the public interest), but these are not typically applicable to our standard operations. We will inform you if we ever rely on such bases.)

Data Sharing and Transfers

We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, in order to run our business and provide our services, we do share personal data with certain third parties under strict conditions. This section describes who we share data with, why we share it, and the safeguards in place.

We may disclose or share your personal data with the following categories of recipients:

  • Service Providers (Processors): These are third-party companies that perform services on our behalf and help us operate xgify.com effectively. They include, for example:
    • Payment and Financial Services: Banks, payment gateways, and payment processors (such as credit card processing companies or electronic wallet services) that facilitate your transactions. They receive information like your payment details and purchase amount to process payments securely.
    • IT and Hosting Providers: Cloud storage services, web hosting providers, and other IT infrastructure services that store or manage data under our instructions. This ensures our Site and databases are properly maintained and available. These providers might incidentally process user data (including personal data) as part of managing or supporting our systems.
    • Analytics and Marketing Tools: Third-party analytics platforms (e.g., Google Analytics) that assist us in understanding site traffic and usage patterns, and marketing platforms that help us deliver newsletters or surveys (if you have subscribed to them). These tools may set cookies or collect usage data (see the Cookie Technologies section for more on analytics cookies).
    • Customer Support and Communication Tools: Platforms that help us manage customer communications, such as email delivery services, support ticketing systems, or live chat software used to assist users.
    • Identity Verification and Compliance Services: External vendors that assist with KYC/AML checks, fraud prevention, and verification of documents or information you provide, in order to comply with legal requirements and protect our platform.
  • We ensure that all service providers are bound by appropriate confidentiality and data protection obligations. They are contractually required to process personal data only for the purposes we specify and to adhere to standards consistent with this Policy and the GDPR. In GDPR terms, these third parties typically act as our “data processors,” meaning they process data only on our documented instructions and under our control.
  • Affiliates and Business Partners: If xgify.com is ever involved in a partnership, joint venture, or other collaboration, we might share certain data with those partners for agreed-upon purposes. For example, if we co-sponsor a promotional event or marketing campaign with another company and you opt in, we might share relevant contact information or usage data with that partner. Likewise, if GalaxyGrip OÜ (the operator of xgify.com) in the future has affiliate companies or subsidiaries that help provide our services (for instance, an affiliate in another country), we may share data within our corporate group. Any such sharing will comply with applicable data protection laws, and where required, we will seek your consent. We do not share data with third parties for their own independent marketing purposes unless you have expressly consented to such sharing.
  • Legal and Regulatory Disclosure: We may disclose personal data to government authorities, regulators, law enforcement agencies, courts, or other third parties when we believe it is legally required or necessary to do so. Situations where this might occur include: to comply with a subpoena, court order, or other legal obligation; to respond to lawful requests by public authorities (such as a police investigation, regulatory inquiry, or tax authority audit); to enforce our Terms & Conditions or other agreements; or to protect the rights, property, or safety of xgify.com, our users, or the public. If we receive a request for your data from a governmental or law enforcement authority, we will carefully verify its validity and only provide the minimum data necessary in response (unless a greater disclosure is required by law). Where permitted, we may attempt to notify you of such requests.
  • Corporate Transactions: In the event that our business undergoes a major transaction or change, such as a merger, acquisition by another company, reorganization, or the sale of all or part of our assets, personal data may be transferred to the successor entity or new owner as part of that transaction. We would ensure that any such transfer of data is subject to appropriate confidentiality agreements and that your rights and privacy are preserved (the new owner would be bound to treat your data in line with this Policy or provide you notice of any changes). We will notify users of any change in data controllership, if required by law, as a result of a corporate transaction.

We do not allow third parties to access or use your personal data for their own unrelated purposes. All third parties who process user data on our behalf are vetted for compliance with privacy and security standards. When required, we also enter into Data Processing Agreements (DPAs) with our vendors to ensure your data remains protected and is handled in accordance with GDPR requirements.

International Data Transfers

GalaxyGrip OÜ primarily stores and processes personal data on servers located within the European Union (EU) or European Economic Area (EEA). However, some of our third-party service providers or partners may be based in other countries. If your personal data needs to be transferred to, or accessed from, a location outside the EEA, we will take all necessary steps to ensure the transfer is lawful and that your data is afforded an adequate level of protection equivalent to that provided in Europe.

Specifically, when we transfer personal data internationally, we rely on one or more of the following safeguards:

  • Adequacy Decisions: If the data is sent to a country that the European Commission has formally recognized as providing an “adequate” level of data protection, your personal information will be transferred on that basis. Adequate jurisdictions are those that have been officially approved as having strong data protection laws, allowing data to flow freely to those places (for example, countries within the EEA, or other nations like Canada, Switzerland, Japan, etc., as recognized by the EU as providing adequate protection).
  • Standard Contractual Clauses (SCCs): For transfers to countries without an EU adequacy decision, we may incorporate Standard Contractual Clauses into our contracts with the data importer. SCCs are standardized data protection contract clauses approved by the European Commission that bind the recipient to protect the personal data according to GDPR standards. This mechanism is commonly used for data transfers to, for instance, the United States and other countries lacking an adequacy decision. Where we rely on SCCs, we also assess whether any additional technical or organizational measures are needed to ensure data security (in light of the requirements from the EU “Schrems II” ruling).
  • Other Lawful Mechanisms: In rare cases, we might rely on other permitted transfer mechanisms or specific derogations under GDPR. For example, we may ask for your explicit consent to a particular transfer, or carry out a transfer that is necessary for the performance of a contract with you (such as when you are located outside the EEA and we need to send data to you in order to provide you a service in your country). We will only use these mechanisms in compliance with GDPR and when no other safeguard is available, and only if the transfer meets the relevant legal criteria.

Regardless of where your personal data is transferred, we remain responsible for its privacy and security under our control. Any international transfers of personal data will be carried out in compliance with Chapter V of the GDPR and other applicable regulations. If you have questions about how we handle international data transfers, feel free to contact us using the details provided at the end of this Policy.

Data Subject Rights

As a data subject under EU data protection law, you have a number of important rights regarding the personal data that we hold about you. xgify.com is committed to respecting your rights and facilitating your exercise of them. Below, we outline your principal data subject rights:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to obtain a copy of the personal data we hold about you. This is often called a “Data Subject Access Request.” In addition, we will provide you with information about how we use your data, who we share it with, how long we keep it, and the purposes of processing, consistent with our obligations under GDPR Article 15.
  • Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay (GDPR Article 16). For example, if you change your email address or notice that we have misspelled your name, you can ask us to fix it. We encourage you to keep your account information up-to-date; many changes can be made by you directly within your account settings, and we will assist with any updates you cannot make yourself.
  • Right to Erasure (Right to be “Forgotten”): You have the right to request the deletion of your personal data in certain circumstances (GDPR Article 17). You can ask that we erase your data, for instance, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent on which processing was based (and we have no other legal basis to continue processing), or if you object to processing based on our legitimate interests and there are no overriding legitimate grounds for us to continue, or if you believe we are processing your data unlawfully. Please note that this right is not absolute – sometimes we may need to retain certain information if required by law or if we have compelling legitimate grounds to keep it. (For example, we generally cannot delete information that we need to fulfill a legal retention obligation or that is necessary to evidence a transaction.) We will inform you if this is the case when responding to your request.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations (GDPR Article 18). This means that we would continue to store your data but temporarily suspend any other processing activities. You might request restriction if you contest the accuracy of your data (for a period enabling us to verify it), or if you object to our processing based on legitimate interests (while we evaluate your objection), or if the processing is unlawful but you prefer restriction over deletion, or if we no longer need the data but you want us to keep it to assist you with legal claims. When processing is restricted, we will mark the data as limited and only process it for certain reasons (for example, to establish, exercise, or defend legal claims, to protect the rights of another person, or with your consent).
  • Right to Data Portability: In situations where we process your personal data by automated means and on the basis of your consent or on the basis of a contract with you, you have the right to obtain the personal data you provided to us in a structured, commonly used, machine-readable format (GDPR Article 20). You also have the right to request that we transmit that data directly to another controller, where technically feasible. In plain terms, this right allows you to take the data you have given to us and reuse it elsewhere. Note that this right applies to data you actively provided, and also data generated by your activities which we have observed (such as transactional data or account history), but it does not cover data we create through our analysis or any data that is truly anonymized.
  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances (GDPR Article 21). In particular, you can object at any time to the processing of your personal data for direct marketing purposes. If you object, we will stop processing your data for those purposes immediately. You can also object when we are processing your data based on legitimate interests (or performing a task in the public interest/exercise of official authority) and you feel that such processing impacts your rights and freedoms. In such cases, if you lodge an objection, we will review it and will cease processing the data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is needed for the establishment or defense of legal claims.
  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time (GDPR Article 7(3)). This will not affect the lawfulness of any processing that took place prior to withdrawal. For example, if you consented to receive marketing emails, you can later opt out by clicking “unsubscribe” in an email or adjusting your account settings, and we will stop sending you marketing messages. Similarly, you can withdraw consent for non-essential cookies by changing your cookie settings on our Site. Once consent is withdrawn, we will cease the relevant processing unless we have an alternative legal basis that we have communicated to you.
  • Right Not to Be Subject to Automated Decisions: xgify.com does not currently make any decisions about you that have legal or similarly significant effects solely by automated means (i.e., without any human involvement). If that ever changes, you would have the right under GDPR Article 22 not to be subject to a purely automated decision (including profiling) that produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply (such as you explicitly consenting to it, or it being necessary for a contract with you, with suitable safeguards in place). We will inform you and obtain your consent if we introduce any automated decision-making processes that would fall under this provision.

In addition to the above rights, you always have the right to lodge a complaint with a supervisory authority if you believe that we are not complying with applicable data protection law. If you are in the EU, you can contact the data protection authority in the country of your residence or where an alleged infringement occurred (for example, the Estonian Data Protection Inspectorate if you are in Estonia). If you are located outside of the EU, you may have the right to file a complaint with the relevant privacy regulator in your region. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider reaching out to us first.

Exercising Your Rights: You can exercise any of your data subject rights by contacting us (see the Contact Details section below). We will respond to your request as soon as possible and within the timeframes required by law (generally within one month, which may be extendable under certain circumstances). We may need to verify your identity before fulfilling certain requests, to ensure that we do not disclose personal data to the wrong person or make incorrect changes. This could involve asking you to provide information or documentation to confirm you are the account holder or data subject in question. You will not have to pay a fee to exercise your rights unless your request is manifestly unfounded or excessive, in which case (as permitted by law) we may charge a reasonable fee or refuse the request with an explanation.

Cookie Technologies (Types and Controls)

This section provides detailed information about the cookies and similar tracking technologies we use on the xgify.com Site, the types of cookies we (and our partners) employ, and how you can manage or disable these technologies. It complements the summary provided in the Data Collected Automatically section above.

What Are Cookies?

Cookies are small text files that websites send to your device (computer, tablet, smartphone) when you visit them. Your web browser stores these files and sends them back to the website (or to another website that recognizes the cookie) on each subsequent visit. Cookies serve as a memory mechanism for websites, allowing the site to recognize your browser on return visits. They perform a variety of functions, such as keeping you logged in, remembering preferences, and enabling certain site features. Cookies can also help collect data about how you use the site (for example, which pages you visited and how long you spent on them) and can sometimes be used to tailor advertisements to your interests.

In addition to cookies, we and our partners may use similar tracking technologies like web beacons (small graphic images also known as “pixel tags” or “clear GIFs”), scripts, or local storage objects. Web beacons are often used in combination with cookies to help understand user interactions with websites or emails (for instance, to see if you opened a particular email). Local storage (including HTML5 local storage and browser cache) allows larger amounts of data to be stored on your device, and serves similar purposes as cookies. For simplicity, this Policy refers to all these technologies collectively as “cookies,” but this broader definition covers all sorts of trackers that may operate on our Site.

Cookies can be categorized in several ways:

  • First-party vs Third-party Cookies: First-party cookies are those set by us (the domain you are visiting, e.g., xgify.com) and can only be read by our Site. Third-party cookies are set by a different domain (for example, by our analytics or advertising partners) and can be read by that third party. We use both first-party and third-party cookies on xgify.com. Third-party cookies are typically used for analytics, advertising, and social media integration.
  • Session vs Persistent Cookies: Session cookies are temporary cookies that last only for the duration of your browsing session on our Site; they are deleted from your device when you close your browser. Persistent cookies remain on your device for a defined period of time or until you delete them. Persistent cookies enable the website to “remember” you or your preferences when you return beyond a single session (for example, to keep you logged in or to remember your language preferences across visits).

Now, we will outline the types of cookies we use and their purposes.

Types of Cookies We Use

We use the following categories of cookies on the Site:

  • Essential Cookies (Strictly Necessary Cookies): These cookies are crucial for the basic functioning of our website. They enable core features such as page navigation, access to secure areas (e.g., logging into your Personal Account), and transaction checkout. For instance, when you log in, an essential cookie keeps you logged in as you move between pages; and when you add items to your cart, an essential cookie remembers those items until you complete the purchase. Without these cookies, services you have asked for (like adding a product to your cart or logging into your account) cannot be provided, and the website may not operate properly. Important: Because these cookies are necessary for the operation of the Site, they are generally stored without requiring consent (where allowed by law). You can still block them via your browser settings, but doing so might break certain functionality of the site.
  • Functional Cookies (Preference Cookies): Functional cookies allow our Site to remember the choices you make and provide enhanced, more personal features. They are not strictly necessary for basic operation, but they make your experience smoother and more customized. For example, a functional cookie may remember your preferred language or region, so that on your next visit the Site appears in your chosen language automatically. These cookies might also remember display preferences (e.g., dark mode or other layout settings) or other customizations you have made. If you disable these cookies, some of our services may lose their personalization and you may need to re-enter certain information or preferences each time you visit.
  • Analytical/Performance Cookies: These cookies collect information about how visitors use our website – for example, which pages are visited most often, how users navigate around the site, and if they encounter errors. The data gathered is typically aggregated and anonymous, and is used to improve the way our website works and to understand user engagement. For instance, we might use analytics cookies to determine that a certain page is causing users to leave (indicating we should improve its content or loading speed), or that a marketing campaign brought in a lot of new visitors who mostly viewed a particular product page. We use both first-party analytics cookies and third-party analytics services (like Google Analytics) that set their own cookies. While these cookies are focused on statistical purposes and do not directly identify you by name, they might collect identifiers like IP addresses or device IDs which could indirectly identify you. We treat information collected by analytical cookies as personal data if it can be linked to you. However, we primarily use this data in aggregated form for performance and usability insights. You can opt out of these analytics cookies via our cookie banner preferences or by using tools provided by the analytics providers (for example, Google’s browser add-on to opt out of Google Analytics).
  • Advertising and Marketing Cookies: Advertising cookies are used to deliver content or ads that are more relevant to you and your interests, both on our Site and on other websites. They may also be used to limit the number of times you see an ad and to help measure the effectiveness of advertising campaigns. These cookies often track your browsing habits and activity across our Site and other sites over time. For example, we (or third-party ad networks we work with) may place advertising cookies that remember that you visited our Site and use that information to display targeted ads for xgify.com products on other websites. Conversely, if you’ve interacted with certain third-party ads or websites, those third parties might use cookies to inform us about your likely interests so we can better tailor content on our Site. Advertising cookies usually collect device identifiers and certain activity information, and may share that information with third-party advertising partners or networks (such as through Google Ads or Facebook Pixel). This category may also include retargeting cookies and social media cookies set by social platforms if they track browsing across sites for advertising purposes (see Social Media Cookies below). We will only use advertising/marketing cookies where we have obtained your consent to do so. If you opt out of these cookies, you will still see advertisements, but they may be less relevant to you.
  • Social Media Cookies: Our Site may integrate features from social media or other third-party platforms (such as Facebook, Twitter, Instagram, or Google). For example, you might see a “Share” or “Like” button on a product page, or you might have the option to log in using a social media account. These features often set cookies provided by the respective third-party platform to recognize you when you interact with them or to track the interaction (such as recording that you clicked the “Like” button on our Site). Additionally, if we embed content from third-party sites (like a YouTube video or an Instagram feed), those services might set their own cookies. Social media cookies can collect information about your browser and usage, and they may link that information to your profile on their platform. This can result in the third-party platform knowing that you visited our Site. If you are logged into those social networks, the cookie can associate your visit with your account on that platform. These cookies are typically set by the third party, not by xgify.com, but we include them here so you are aware of their presence. Social media platforms will have their own privacy and cookie policies which govern their use of the information they collect. You can usually control these cookies by adjusting your account settings on the respective social platform or by using our cookie preference tools on the Site.

Note: Some cookies may fit into more than one category depending on how they are used. For example, a cookie could be both an analytics cookie and a third-party cookie (if the analytics service is provided by a third party), or a social media cookie could also be used for advertising purposes (if the social platform uses data from your visit to target ads). We strive to give you granular control over these categories via our consent banner or cookie settings on our Site.

Third-Party Cookies and External Links

While using our Site, you may encounter content or services from third parties that deploy their own cookies or tracking technologies. It’s important to understand that third-party cookies operate under the domains of those third parties and are subject to their privacy policies, not ours. Here are a few instances to be aware of:

  • Analytics & Advertising Partners: As noted above, we use third-party services for analytics (e.g., Google Analytics) and advertising (e.g., Google Ads, Facebook Ads, or other ad networks). These services set their own cookies to collect information about your device and browsing behavior on our Site. Although we engage these parties to help us improve our services and marketing, we do not control the exact tracking methods they use or the data they collect for their own purposes. However, we do vet these partners to ensure they are reputable and compliant with privacy laws. We encourage you to review the privacy and cookie policies of any third-party analytics or advertising services we use (for example, Google’s Privacy Policy and Cookie Policy) to understand what they do with the information they obtain.
  • Social Media Plug-ins: If our Site includes social sharing buttons or login integrations (such as “Continue with Google” or “Login with Facebook”), those platforms may set cookies when you interact with those features or even when you simply view a page containing them. These cookies might track your interaction (for instance, recording a “share” action) or help authenticate your session with that third-party service. xgify.com does not have access to the information collected by these third-party cookies. If you are concerned about this type of tracking, you can log out of the respective social media accounts before using our Site, or use browser add-ons to block social media trackers.
  • External Links: Our Site or communications (such as emails) may contain links to external websites or content that we do not operate. If you click a link to a third-party website (for example, a payment provider’s site when completing a transaction, or an informational resource), you will be directed to that third party’s site. Browsing any third-party website is subject to that website’s own rules and policies, including their cookie practices. Those sites may place their own cookies on your device once you visit them. xgify.com is not responsible for the privacy practices or cookie usage of external sites that are not under our control. We recommend that you review the privacy and cookie policies of any external websites you visit via links from our Site.

In summary, while we do our best to only partner with trusted third parties, any cookies or tracking technologies placed by third parties are not managed by xgify.com. If you have questions about which third-party services we currently use on our Site, feel free to contact us for more information. We can provide a list of significant third-party cookies or partners upon request.

Managing and Disabling Cookies

You have several options to manage, limit, or delete cookies and similar technologies. Below are some methods available to control cookies:

  • Cookie Consent Banner/Preference Center: When you first visit our Site (and periodically thereafter, as required by law or when significant changes occur), we display a cookie consent banner that allows you to choose which types of cookies to accept or reject. You can typically opt in or out of different categories (except strictly necessary cookies, which are always enabled as they are essential). If you wish to change your preferences later, look for a “Cookie Settings” or “Cookie Preferences” link on our Site (often found in the website footer or within this Policy page). Clicking that link will bring up our cookie preference center again, enabling you to modify your consent choices at any time.
  • Browser Settings: Most web browsers provide settings that allow you to control cookies at the browser level. You can set up your browser to notify you when cookies are being set or updated, or to block some or all cookies. You can also usually delete cookies that have already been set. The method for doing this varies by browser, but here are some general examples:
    • Google Chrome: Go to Settings > Privacy and Security > Cookies and other site data to manage cookie settings, and to Privacy and Security > Clear browsing data to delete stored cookies.
    • Safari (on Apple devices): Go to your device Settings > Safari > Privacy & Security to block cookies, and Advanced > Website Data to view and remove specific cookies.
    • Mozilla Firefox: Go to Options (or Preferences) > Privacy & Security > Cookies and Site Data to manage cookie settings and clear data.
    • Microsoft Edge: Go to Settings > Cookies and site permissions to manage cookies, or Settings > Privacy, search, and services to find options to clear browsing data (including cookies).
  • (For other browsers or updated instructions, please refer to your browser’s help documentation or support website for specific guidance.)
     Most browsers allow you to do the following: view the cookies stored on your device and delete them on an individual basis; block third-party cookies (or all cookies); clear all cookies when you close the browser; and receive notifications when new cookies are being set. Using these settings, you can typically customize your cookie handling to your preferences. Note: Blocking or deleting cookies may negatively impact your experience on our Site. For example, if you disable all cookies, you may not be able to log in or use certain important features, and if you clear cookies it will log you out of sessions and may reset any preferences you set.
  • Browser Extensions/Tools: There are third-party browser extensions and tools that can help you manage cookies and trackers more granually. For instance, browser add-ons like Ghostery or Privacy Badger can show you what trackers are present on a page and allow you to block them selectively. There is also the Google Analytics Opt-out Browser Add-on provided by Google, which prevents Google Analytics from collecting data about you on any site that uses it. Using such tools can give you more fine-tuned control over online tracking. Be mindful, however, that blocking certain trackers or scripts can sometimes break specific site functionalities.
  • Do Not Track (DNT): Some browsers offer a “Do Not Track” setting that sends a signal to websites indicating that you do not want to be tracked. However, there is currently no universal standard for how sites should respond to DNT signals. At this time, xgify.com does not respond differently to browsers with a DNT signal, but we continue to monitor developments around DNT and may adjust our practices if a consensus standard emerges in the future.
  • Mobile Opt-Out (for Advertising): If you access our services via mobile apps (if applicable) or via a mobile web browser, you can also manage advertising identifiers on your mobile device. On iOS devices, for example, you can go to Settings > Privacy > Advertising (or Privacy & Security > Apple Advertising on newer iOS versions) to enable options like “Limit Ad Tracking.” On Android devices, you can go to Settings > Google > Ads and select “Opt out of Ads Personalization.” While these settings are not cookies per se, they control similar tracking concepts (mobile advertising IDs) used for advertising on mobile platforms.

Remember, aside from those cookies that are strictly necessary, you are in control of whether cookies are used on your device. We strive to respect your choices at all times. If you choose to opt out of certain categories of cookies, we will do our best to ensure those cookies are not set or used in future visits (though note that if you clear your cookies entirely, it may also clear the record of your preferences, meaning you might need to set your opt-out choices again).

Data Security

We understand that the security of your personal data is of utmost importance. xgify.com has implemented a robust framework of technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. We maintain and regularly update our security practices to meet or exceed industry standards. Key measures we employ include:

  • Encryption: We use encryption protocols to protect sensitive data. For example, our Site is accessible only over HTTPS, meaning that all data transmitted between your browser and our servers is encrypted in transit using Transport Layer Security (TLS). This helps prevent eavesdropping or interception of your data while it travels over the internet. Additionally, certain sensitive information (such as passwords, payment information, and identity documents) is encrypted at rest in our databases or on our secure servers, adding an extra layer of protection for that data.
  • Access Control and Confidentiality: We limit access to personal data strictly to those employees, contractors, and service providers who need it to perform their job duties or provide our services to you. Access to systems that contain personal data is controlled through user authentication, strong password requirements, two-factor authentication (where appropriate), and role-based access permissions (so individuals only access data that is necessary for their role). All staff at GalaxyGrip OÜ (and any relevant contractors) are subject to confidentiality obligations and receive training on data privacy and security best practices. We also implement measures like account lockout policies (to prevent brute-force login attacks) and we maintain logs of access to critical systems to provide an audit trail and detect any unauthorized access attempts.
  • Network and Application Security: We employ firewalls and intrusion detection/prevention systems to guard our network perimeter and alert us to suspicious activities. Our IT team regularly applies security patches and software updates to keep systems up-to-date and to remediate vulnerabilities swiftly. We follow secure coding practices in the development of the xgify.com platform to minimize common security risks (such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), etc.). Before deploying major updates or new features, we conduct testing which may include security audits or code reviews. We also take regular backups of critical data and store them securely (with encryption) to ensure we can recover information in case of data loss or disaster.
  • Monitoring and Testing: We continuously monitor our systems and infrastructure for possible vulnerabilities and signs of attacks. This includes automated monitoring tools that scan for unusual behavior or potential intrusions, as well as periodic security assessments and penetration testing performed by internal experts or external specialized firms. By proactively identifying weaknesses, we can address them before they are exploited. We also review our vendors’ security measures (through due diligence processes and contractual requirements) to ensure any third-party handling of data meets our security standards.
  • Incident Response Plan: Despite strong preventive measures, no system is completely immune to incidents. That’s why we have an established data breach response plan. In the event of a security incident or data breach (for example, unauthorized access to personal data or accidental loss of data), we will activate our incident response procedures. This involves containing the incident, mitigating any harm, investigating the root cause, and taking corrective action to prevent future occurrences. We will also notify the relevant supervisory authority (such as the Estonian Data Protection Inspectorate, our lead data protection regulator) within 72 hours of becoming aware of a personal data breach, if required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms (for example, if sensitive data or financial information was exposed), we will also inform the affected individuals without undue delay, as required by GDPR Article 34. Our goal is to be transparent and act responsibly in the unfortunate event of a breach.
  • Physical Security: Where personal data is stored in physical or hardcopy form, or on physical servers, we implement physical security controls to protect against unauthorized access. Our offices (and the facilities of any cloud providers or data centers we use) are secured with measures such as access badges or keys, alarm systems, surveillance cameras, and, where applicable, 24/7 security personnel. These measures help prevent unauthorized physical access to systems that store personal data.

While we are committed to protecting your data, it’s important to note that no method of transmission over the internet and no method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security of your information at all times. Users of our Site also have a role to play in maintaining security: we encourage you to use a strong, unique password for your xgify.com account, to protect your account credentials, and to log out of your account when using shared or public devices. Be cautious of potential “phishing” attempts – for example, xgify.com will never ask you for your password via email, and you should always verify that you are using our official Site domain when entering login information. If you suspect any unauthorized access to your account or discover any security vulnerabilities or incidents, please contact us immediately so we can investigate and assist.

Policy Updates

We may update or revise this Privacy and Cookie Policy from time to time in response to evolving legal, technical, or business developments.

Changes and Updates: Any changes we make will be posted on this page with an updated “Effective Date” at the top of the Policy. Minor changes might be made without specific notice, but if we make any material changes that significantly affect how we handle your personal data or your rights, we will take additional steps to inform you. This could include, for example, posting a prominent notice on our homepage, adding an alert within your user account dashboard, or reaching out to you via email (if we have your email on file and such notification is required by law). We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

If we update our Policy, we may highlight the changes for your convenience (for instance, by providing a summary of key modifications). However, your continued use of the Site or our services after the effective date of the updated Policy will be deemed acceptance of those changes (except to the extent you expressly consent to certain changes when required by law).

We will not reduce your rights under this Privacy and Cookie Policy without your consent. If you disagree with any changes to the Policy, you should stop using our services. You can always contact us if you have questions or concerns about any changes, or if you wish to exercise your rights regarding the information we hold about you.

Contact Details

If you have any questions, concerns, or requests regarding this Privacy and Cookie Policy or about how xgify.com handles your personal data, please do not hesitate to contact us. You can reach us through the following contact details:

  • Company Name: GalaxyGrip OÜ
  • Registration Number: 16776100
  • Registered Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Katusepapi tn 6-502, 11412, Estonia
  • Website: https://xgify.com
  • Email: [email protected]

By using the xgify.com Site and our services, you acknowledge that you have read this Privacy and Cookie Policy and understand its contents. We appreciate your trust in xgify.com, and we are committed to protecting your personal data and privacy rights.

Help

Useful links​

About us​

Be the first to know

Subscribe and get latest propositions

Follow us

X-twitter Instagram

GalaxyGrip OU, 16776100, Harju maakond, Tallinn, Lasnamäe linnaosa, Katusepapi tn 6-502, 11412

2025 © xGify All Rights Reserved